• home
  •  > 
  • Internet
  •  > 
  • How to block access to a folder with a password. How to put a password on a folder in different ways

How to block access to a folder with a password. How to put a password on a folder in different ways

Category,

I've heard rumors that WordPress is far from a security ideal. Although updates come out quite often, they still manage to sneak into the system. But judging by the fact that official plugin"jetpack" from WordPress stated that in 2 days from the moment of its installation they tried to break me 32 times, so I decided to play it safe.

Honestly, I have no idea how WordPress works, and in the article “Links and revisions of articles in WordPress” I already mentioned that I usually work with 1C-Bitrix. Therefore I chose the most reliable method- set a password on the main management files/folders that can be penetrated. I considered that such particularly vulnerable files include wp-login.php and folder /wp-admin/.

When closing a file/folder with a password, you need to perform two actions: create a file with a login-password, indicate which folders need to be closed. On Linux, to create a password file you need to use the command

htpasswd -c /etc/htpasswd/site/.htpasswd user_name

Explanation in order:

  • The "-c" switch means creating a file if it does not exist. The meaning of all parameters can be found in the htpasswd documentation
  • Pay attention to the directory for storing the file: "/etc/htpasswd/site/.htpasswd". It is located far from the site, so getting the file and guessing the password will be extremely difficult. You should not put the file with the password in root folder site.
  • “user_name” must be replaced with a login (I think you shouldn’t put your login here from logging into the administrative part of WordPress - it’s better to come up with another one).
  • After entering the command you will be asked to set a password and confirm

Now all that remains is to indicate which folders and files we want to protect with this password. Write it to the end of the .htaccess file (in the root of the site) following lines:

wp-login.php" >
AuthUserFile /etc/htpasswd/site/.htpasswd
AuthName "Authentication Required"
AuthType Basic
Require valid-user

This file is located separately from the admin panel. Therefore, it must be protected individually, via .htaccess in the root folder of the site. Now in more detail what is written here:

  • Inside ... "> write which file/folder the rule will apply to
  • AuthUserFile - path to the file where the password that was created earlier is stored
  • AuthName "..." - text on the sign that the user will see asking him to log in
  • AuthType Basic - authentication type. For simple authentication the value is: Basic
  • Require valid-user - allows access to all verified users

Try running your browser in incognito mode and loading the site page /wp-login.php. If you see a requirement for authorization, then everything has been done correctly.

Happy upcoming holidays to everyone! I hope they go well for you and are accompanied by a great mood.

Today we will have a simple but interesting lesson.

If you have a particularly useful and valuable information, so to speak, is not for everyone, then you can provide it different ways. For example, in the form of newsletters, paid and free books, courses and trainings.

Or you can make a separate page on the site, which will be accessible only to those visitors who know the special password.

How to close a page with a password? With the WordPress engine, this is done in no time.

So, we will train in real time. I'm taking this printscreen right now while I'm writing this post:

Initially we have new entry. It hasn't even been published yet. By the way, the same procedure can be performed with pages.

I'm using the version WordPress engine 3.5.1, and here, even before publishing the material, you can see the following option on the right:

Click on the “change” button and select “Password protected” from the drop-down list:

Create and enter a password (of course, you need to remember it or copy it somewhere for convenience). Click “Publish”. Now, when we open the post or page we just created, we will see the following:


See how simple it is? And we didn't even need special plugins.

In more earlier versions WordPress, you will most likely have to publish a post first, and then open it using “quick edit” and set a password.

How can this be used?

Closing a page with a password, as you can see, is quite simple. But for an enterprising person this opens up great prospects. Here are just some ideas that came to my mind regarding its use:

  • place paid training materials directly on your website and sell the password for them;
  • open a paid school on your blog and publish lessons in the form of closed posts with comments;
  • organize closed library with password;
  • give out a password for a subscription;
  • distribute the password as a bonus to clients and partners;
  • give out a password for the first comment on your blog;
  • make a closed section on the site for certain groups visitors: clients, partners, customers, competitors, etc.;
  • make a competition in which you need to guess passwords for pages;
  • change your password every month and give privileged blog readers access that must be paid or earned again periodically.

The question of how to put a password on a folder in Windows arises at a time when information appears on your computer that is not for everyone. It doesn’t matter what it will be - secret documents that should be hidden from competitors and employees, or materials that should not be shown to children - the methods of concealment are the same.

In the article I will look at six ways to block directories, one of which is based on operating system capabilities that not everyone knows about, the rest work using programs:

How to set a password using Windows

There is a widespread opinion on the Internet that it is impossible to set a password for a directory without programs using the standard capabilities of the operating system - this is a misconception caused by the fact that computer literacy users and many “woe bloggers” are at a low level.

In terms of safety, each a new version Windows is better than the previous one, you need to learn how to use these features.

Folder password protection is based on user accounts. In order to close a directory with a secret key, you must do the following:

  1. Create separate accounts for yourself and for other users. By default, only your administrator account, created when installing the operating system, is valid.
  2. Set a password for your account.
  3. Indicate which documents and directories are shared and which are only accessible certain users. To access such objects, everyone except you will need a password.

As a result, access to your personal data will require access to account administrator. The rest of the information on the computer (general) will be available to everyone.

Now let's look at how to install and configure all this in detail.

Create a shared account

  1. Go to “Start” -> “Control Panel” ->

  1. Select the “Create an account” item. Come up with a name there, if there are any specific users, then you can make them by name (wife/husband, children), or something general, like “Regular User”.

From now on, you will have an administrator - this is you, and everyone else is other accounts.

Put an access code on your account

To begin with, select yourself from the list of users. After you have created an additional account, you will have several users (minimum 2). If you forgot how to get to this choice, then again “Start” -> “Control Panel” -> “Adding and removing user accounts”

Then click on the “Create a password” link and set it. There will be an opportunity to add a hint; if your password is complex, I recommend doing it so as not to forget and not block your access to your own computer.

From this moment on, the administrator functions will be available only to you, everyone else will lose them, but they can use the machine, including all its folders and files, except for those that we will prohibit later.

Lock the folder with a password

User accounts belong to different groups, you are the administrator, the rest are users. In order to put limited access To certain folders It is enough to remove the read permission for these folders for all users and leave it to the administrator (you).

This is done as follows:

  1. Click the edit button on the desired folder and select “Properties”;
  2. Open the “Security” tab (this tab contains the rights of all groups and users in relation to this folder);
  3. Under the list of groups, click the “Change” button;
  4. Selecting groups and users one by one (usually these are the “Users” and “Verified Users” groups), check the prohibited boxes next to changing, reading, reading and executing, the list of folder contents (total).

Application changes made will automatically deny access to this folder to all unauthorized persons. To gain access, they will need the password of the account that is allowed access.

Closing an archive with a folder with a password

The second way to put a password on a folder is based on packaging the desired directory in an archive using special program archiver and setting an access code for the archive. It is not entirely correct to call this method setting a password on a folder, since it ceases to be a folder and turns into a RAR or ZIP file.

But, nevertheless, in terms of ease of use of this method of protection, the method is at its best, since WinRAR program, necessary for working with archives, allows you to work with files and folders inside the archive directly, without reverse unpacking. That is, you added data to a password-protected archive. In the future, you will have access to them only when you enter the key. And all changes inside the archive are automatically added inside by the archiver himself.

I described in detail how to use WinRAR and how to archive a file in . The instructions there are very detailed, there is even a video tutorial, but here I will summarize everything briefly:

  1. Install the WinRAR archiver
  2. Select the folder you want to put a password on and click right click mice
  3. In the context menu, select “Add to archive”
  4. In the archive settings window, click the “Set password” button
  5. Enter your password
  6. Create an archive by clicking the “OK” button

I’ll add just one nuance - if the folder is large and there is no goal of compressing it, but you just need to protect it with a password, then when setting up the archive, set the “no compression” option - this will significantly save time.

Programs for setting a password for a folder

The disadvantage of this method is that it requires the installation of an additional special software (third party programs), which are no longer used for any purpose. Overall, I recommend using special utilities only when absolutely necessary when other methods are not available.

DirLock password setting program

There is no need to study multi-page instructions in order to use the DirLock utility, since it is intuitive even for an inexperienced beginner. Using it to set an access restriction will take 10 seconds.

Download the program here, you need to install it on your computer.

After installing and configuring the program, the “Lock/UnLock” item will appear in the context menu that appears when you right-click on a folder - this is the option to set a password.

If such an item does not appear automatically for you, then run the utility and select “File” in the menu, then “Options” in it. A window will open where such a menu is added using the “Add ‘Lock/Unlock’ context menu” button.

After this, you can put a password on any folder and when you try to open it, a message will appear stating that access is denied.

It will be possible to open the folder again only if the ban is lifted through the same context menu"Lock/UnLock".

Unfortunately, you won’t be able to gain permanent access to a folder locked in this way and you will have to set and remove the password every time.

Locking folders with Anvide Lock Folder utility

Another program designed to password-protect folders on a computer. It is no more difficult to handle than the previous one, just with a slightly different approach.

Download Anvide program Lock Folder Here we install it.

In this utility, closing folders is done through the interface of the program itself.

  1. Launch the program
  2. Use the built-in explorer (+ button) to find the desired folder,
  3. Press the closed lock in the panel,
  4. Enter your password twice and click the “Close access” button
  5. You can enter a password hint (if you wish)
  6. The folder will become invisible.

How to remove a password

  1. Launch Anvide Lock Folder,
  2. Select a password-protected folder from the list,
  3. Click on the open lock icon
  4. Enter the password and click “Open access”.

As in the previous utility, to work with the content you will have to install and uninstall the code each time.

Set the password using Lim LockFolder

This utility is 100% the same as the previous version. All buttons and operating algorithms are the same, the only difference is appearance buttons (design). It won't be difficult to figure it out.

Download Lim LockFolder here you start the installation.

Launch the program, select through Explorer required folders, set passwords, then remove them through the open lock button - everything is like in Anvide Lock Folder.

Password Protect program

The last option discussed in the article is the Password Protect program. It differs from previous utilities in that it does not require installation on a computer.

The second plus is that it is in Russian.

You can download the program here.

To put a password on a folder:

  1. Open Password Protect
  2. Click the “Lock folders” button
  3. Select in Explorer required element and click “OK”
  4. Enter the access code twice and, if necessary, a hint
  5. We see a message about successful closing - the folder becomes invisible.

To work with the contents of this directory, you will need to remove the password by launching the utility and the “Unlock folders” button.

Similar to all previous options, you will have to constantly remove and set passwords - this is the main drawback of all programs, which is why I advise you to use standard features Windows.

Summary

Six possible options We looked at password protection for directories on a computer today. Each of them has its own pros and cons, so everyone must decide for themselves what to give preference to - whether to trust third party software or take advantage of the opportunities that operating system Windows?

There are situations when the website you make should not be public, but is used as a kind of service for a limited circle of people. You can, of course, block up authentication via PHP, but there is an almost elementary way - close the folder on the site using Apache. For example, using files .htaccess And .htpasswd. This is what we will talk about now.

Create a .htpasswd file with passwords

In order to set a password, first we must generate a file .htpasswd. This is done using the htpasswd utility, which exists in versions for both Linux and Windows.

htpasswd -c .htpasswd admin

Key -With indicates what needs to be created new file with passwords. .htpasswd- name of the generated file. admin– login of the user who will be allowed access to the restricted part of the site. After running the utility with all the necessary parameters, you will be asked to enter your password and repeat it. If you have already created a .htaccess file and you want to add a new user to it, simply run the utility by specifying a file with passwords without a key –c.

The created file is text and contains the user login and password hash, which are separated by a colon. By default, the hashing algorithm is DES. But you can change it and use the MD5 algorithm with a key –m, But the best option using the SHA algorithm( switch -s).

Protecting your site using .htaccess

So, the file is created, then we add to root directory website file.htaccess or add the following lines to the existing one:


# Close access to the .htaccess file
Order allow,deny
Deny from all
Satisfy All

# Specify the location of the .htpasswd file, enable authentication
AuthUserFile /etc/apache2/passwd/.htpasswd
AuthName "Password Protected Area"
AuthType Basic
Require valid-user

Parameter AuthUserFile points to absolute path to file .htpasswd. For some reason unknown to me, in many manuals that I have seen, the password file is for some reason stored in the user’s home directory. I would not recommend storing this file in your home directory, much less in the root directory of the site.

After creating the file and placing the file .htaccess in the root of the site, it would be a good idea to restart the apache process.

I would also like to draw your attention to the fact that it would be a good idea to close the site from indexing search engines. To do this, create a file in the root directory of the site robots.txt with the following content:


User-agent: *
Disallow: /

On this I think we can end this post. If you have any other questions on the topic, I’m waiting for them in the comments.